Everyone is welcome to peruse the job offerings posted here. No replies are allowed, but feel free to contact the recruiters directly using the provided info in each listing. Email lookingtohire (at) ethicalhacker.net for access information.

• Input validation bypass – Client side validation routines and bounds-checking restrictions are removed to ensure controls are implemented on all application parameters sent to the server.• SQL injection – Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.• Cross-site scripting – Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.• Parameter tampering - Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.• Cookie poisoning – Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.• Session hijacking – Client attempts to take over a session established by another user to assume the privileges of that user.• User privilege escalation – Client attempts to gain unauthorized access to administrator or other users’ privileges.• Credential manipulation – Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users’ data and application functionality.• Forceful browsing – Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.• Backdoors and debug options – Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code. Client Business will identify these options that could potentially allow an intruder to gain additional levels of access.• Configuration subversion – Improperly configured web servers and application servers are common attack vectors. Client assesses the software features, as well as the application and server configuration for poor configurations.